lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2d6724811001260805m62a2ab83i9dc3d088687ebeb@mail.gmail.com>
Date: Tue, 26 Jan 2010 11:05:27 -0500
From: T Biehn <tbiehn@...il.com>
To: Michael Holstein <michael.holstein@...ohio.edu>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Disk wiping -- An alternate approach?

Entropy vs zeros vs random content.

Plausible deniability will only be there if there is legitimate data
that looks like it's been used and the prosecutor cannot construe any
of your data as that used for wiping or otherwise obscuring the data
on your drive. If you don't have this you better request a trial by
judge rather than jury.

Now;
Your best solution is to use an exterior OS on FDE, then, in a TC
Hidden Disk container have a VM image that you use for 'hidden works.'
You can hand over your FDE's PW and location of TC disk including the
exterior password for great fed win.

-Travis

On Tue, Jan 26, 2010 at 10:08 AM, Michael Holstein
<michael.holstein@...ohio.edu> wrote:
>
>> By the way, does somebody knows about the flash memory?
>> Is zeroing a whole usb key enough to make the data unrecoverable?
>>
>
> No, wear-leveling (done at the memory controller level) will dynamically
> re-map addresses on the actual flash chip to ensure a relatively
> consistent number of write cycles across the entire drive.
>
> The only way to completely "wipe" a flash disk is with a hammer.
>
> Regards,
>
> Michael Holstein
> Cleveland State University
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ